Slide Show: The (Not-So) Elite Eight In Higher Ed Breach Madness
Basketball has March Madness, but higher ed IT should be competing to stay out of the brackets for last year's worst breaches
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltc94608acf452fd67/655cf371ab171e040a838b2a/329050_DR23_Graphics_Website_V5_Default_Image_v1.png?width=700&auto=webp&quality=80&disable=upscale)
Most universities would fight for the chance to make it into the competitive brackets during March Madness. But database security vendor AppSec Inc this week drew up a bracket in which higher education institutions probably don't want to be included: the annual data breach bracket. Schools were seeded according to the size of breaches they experienced in 2011. Here are the contenders in the not-so-elite eight.
Saint Louis University
Breach Size: 12,800 records
Disclosed: Jan. 31, 2011
Details: A network hack gave attackers access to a database containing PII and personal health information for 12,000 employees and 800 students at the school. Information stolen included social security numbers, health test assessments, diagnoses and treatments.
Photo courtesy Saint Louis University
Breach Size: 176,567 records
Disclosed: Nov. 11, 2011
Details: Hackers initially broke into a VCU server that did not contain any sensitive information and then used that entry point to create two unauthorized accounts on a second server containing sensitive files including PII belonging to current and former VCU faculty, staff, students, and affiliates.
Photo courtesy Virginia Commonwealth University
Breach Size: 31,000 records
Disclosed: Mar. 4, 2011
Details: University of South Carolina exposed information about tens of thousands of faculty, staff, students, and retirees across eight campuses when it failed to lock down a server used to share vital information internally. Reported as being the result of "human error" but with few details about what happened, it is likely that this breach was the result of using FTP improperly.
Photo courtesy gamecocksonline.com
Breach Size: 19,276 records
Disclosed: Nov. 11, 2011
Details: Administrators at UTPA inadvertently exposed the student ID numbers, GPAs, and class schedule information of its entire student body by mistakenly placing a spreadsheet containing that information on a public-facing server for two months.
Photo courtesy Madywell Mascots
Breach Size: 79,000 records
Disclosed: Aug. 10, 2011
Details: The University of Wisconsin Milwaukee exposed tens of thousands of records for individuals with ties to the school when it failed to prevent hackers from putting viruses on a server containing a system for managing confidential data. UWM says there's no proof the records were accessed, but there's also no proof that they weren't compromised, either.
Photo courtesy University of Wisconsin Milwaukee
Breach Size: 12,815 records
Disclosed: Nov. 30, 2011
Details: The College of New Jersey exposed the sensitive information of student employee applicants through a flaw in its online application form for on-campus student employment that allowed unauthorized people to see information in the database that supported the Web application. The school didn't disclose how long the flawed application had been live, but it did say it fixed the vulnerability within hours of discovery.
Photo courtesy of Trenton Thunder
Breach Size: 43,000 records
Disclosed: Aug. 17, 2011
Details: A file inadvertently placed on a Web-searchable FTP server for 10 months put tens of thousands of people with records in the file at risk. The file contained information about people affiliated with Yale in 1999 and could be found through Google searches from September 2010 through July 2011.
Photo courtesy of mascots.com
Breach Size: 18,059 records
Disclosed: Jan. 11, 2011
Details: Customers who bought merchaindise from the school's UConn Co-op bookstore had their billing information exposed when a hacker breached the database for the outsourced HuskeyDirect.com that contained information for both brick-and-mortar and online customers. The hacker managed to compromise an administrative password to gain access and unencrypt information that sat encrypted in the database.
Photo courtesy of University of Connecticut
VCU
With well over 100,000 records exposed, the VCU breach far and away took the title for worst education breach in the nation during 2011.
Photo courtesy of AppSec Inc.
VCU
With well over 100,000 records exposed, the VCU breach far and away took the title for worst education breach in the nation during 2011.
Photo courtesy of AppSec Inc.
VCU
With well over 100,000 records exposed, the VCU breach far and away took the title for worst education breach in the nation during 2011.
Photo courtesy of AppSec Inc.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024